Ynab

49 tools. 18 can modify or destroy data without limits.

5 destructive tools with no built-in limits. Policy required.

Last updated:

18 can modify or destroy data
31 read-only
49 tools total

Community server · catalogue entry verified 03/07/2026

How to control Ynab ↓

What Ynab exposes to your agents

Read (31) Write / Execute (13) Destructive / Financial (5)
Critical Risk

The most dangerous Ynab tools

18 of Ynab's 49 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

How to control Ynab

PolicyLayer is an MCP gateway — it sits between your AI agents and Ynab, and nothing reaches the server without passing your rules. These are the rules we recommend:

Block financial tools by default
{
  "import_transactions": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Requires human approval."
      }
    ]
  }
}

Financial tools should be explicitly enabled per use case, not open by default.

Deny destructive operations
{
  "delete_category": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "create_account": {
    "limits": [
      {
        "counter": "create_account_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "audit_account_reconciliation": {
    "limits": [
      {
        "counter": "audit_account_reconciliation_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register Ynab — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON YNAB →

Instant setup, no code required.

All 49 Ynab tools

READ 31 tools
Read audit_account_reconciliation [2-4 API calls] [Workflow] Audit an account Read audit_credit_card_payments [Variable API calls] [Workflow] Audits credit card payment categories by comparing each card Read get_account [1-2 API calls] Get details for a single account. Read get_api_usage [0 API calls] Check current YNAB API usage against the 200 calls/hour rate limit. Read get_budget [1 API call] Get a single budget Read get_budget_settings [1 API call] Get a budget Read get_category [1 API call] Get details for a single category Read get_month [1 API call] Get detailed info for a single budget month including all category balances. Use Read get_month_category [1 API call] Get a category Read get_month_money_movement_groups [1 API call] Get money movement groups for a specific month Read get_month_money_movements [1 API call] Get money movements for a specific month Read get_payee [1 API call] Get details for a single payee Read get_payee_location [1 API call] Get a single payee location by ID Read get_payee_locations_for_payee [1 API call] Get all GPS locations for a specific payee Read get_scheduled_transaction [1 API call] Get details for a single scheduled transaction Read get_transaction [1 API call] Get details for a single transaction Read get_user [1 API call] Get the authenticated user Read list_account_transactions [1 API call] List transactions for a specific account. Read list_accounts [1 API call] List all accounts for a budget including balances and types Read list_budgets [1 API call] List all budgets the user has access to, with optional account info Read list_categories [1 API call] List all categories grouped by category group for a budget Read list_category_transactions [1 API call] List transactions for a specific category Read list_money_movement_groups [1 API call] List all money movement groups for a budget Read list_money_movements [1 API call] List all money movements for a budget (funds moved between categories) Read list_month_transactions [1 API call] List transactions for a specific month Read list_months [1 API call] List all budget months for a budget, showing income, budgeted, activity, and ready to assign Read list_payee_locations [1 API call] List all payee GPS locations for a budget Read list_payee_transactions [1 API call] List transactions for a specific payee Read list_payees [1 API call] List payees for a budget. Budgets often have 1000+ payees; Read list_scheduled_transactions [1 API call] List all scheduled (recurring) transactions for a budget Read list_transactions [1 API call] List transactions for a budget with optional filters. Returns most recent transactions first.

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

Questions about Ynab

Can an AI agent move money through the Ynab MCP server? +

Yes. The Ynab server exposes 2 financial tools including import_transactions, update_month_category. Without a policy, an autonomous agent can call these with no spend caps, no rate limits, and no approval flow. PolicyLayer lets you block financial tools by default, require human approval, or set per-tool rate limits — enforced on every call.

Can an AI agent delete data through the Ynab MCP server? +

Yes. The Ynab server exposes 3 destructive tools including delete_category, delete_scheduled_transaction, delete_transaction. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through Ynab? +

The Ynab server has 13 write tools including create_account, create_category, create_category_group. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach Ynab.

How many tools does the Ynab MCP server expose? +

49 tools across 3 categories: Destructive, Read, Write. 31 are read-only. 18 can modify, create, or delete data.

How do I enforce a policy on Ynab? +

Register the Ynab MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every Ynab tool call.

Deterministic rules across all 49 Ynab tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

Instant setup, no code required.

49 Ynab tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.